General

  • Target

    923c3a44d46872f842c33e538d9f86de_JaffaCakes118

  • Size

    458KB

  • Sample

    240813-jx48lsscrf

  • MD5

    923c3a44d46872f842c33e538d9f86de

  • SHA1

    3072d80b112881bffdf55ce7ec36ab6388a4c11f

  • SHA256

    50213c0e10a8dd0393f3c8574f907f12c7fa6947b8707f82ca1c06be6df67a2a

  • SHA512

    3320906076bf213a8f174b7753b0ad5ed157716d43807f943ecd01b7acb5ed3afcd1ac4ac639fcc2cd63ab5ca334e347020e96787f39fa13a5b5378d02a74f0f

  • SSDEEP

    6144:IkHo4crHMF2nREVyPE9ql6rdSpYKsxEvk4hO8NVIuhv+4Wz+coEZdiSV/8:hI4n1VSE9qlIdZKsxMkKdv8zlT

Malware Config

Extracted

Family

gozi

Attributes
  • build

    217170

Extracted

Family

gozi

Botnet

3004

C2

http://9JuUz3MMwxgb97N.xyz

Attributes
  • build

    217170

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks